API CHANGE: Add Security::ignore_disallowed_actions() to allow site f…

…eatures to be disabled when permissions have failed, rather than redirecting to the log-in form. (Trac #7097)

security/Security.php

@@ -158,6 +158,8 @@ static function set_default_message_set($messageSet) {
 	 * to log in.
 	 */
 	static function permissionFailure($controller = null, $messageSet = null) {
+		self::set_ignore_disallowed_actions(true);
+
 		if(!$controller) $controller = Controller::curr();
 
 		if(Director::is_ajax()) {
@@ -864,4 +866,18 @@ public static function default_login_dest() {
 		return self::$default_login_dest;
 	}
 
+	protected static $ignore_disallowed_actions = false;
+
+	/**
+	 * Set to true to ignore access to disallowed actions, rather than returning permission failure
+	 * Note that this is just a flag that other code needs to check with Security::ignore_disallowed_actions()
+	 * @param $flag True or false
+	 */
+	public static function set_ignore_disallowed_actions($flag) {
+		self::$ignore_disallowed_actions = $flag;
+	}
+	public static function ignore_disallowed_actions() {
+		return self::$ignore_disallowed_actions;
+	}
+
 }

view/SSViewer.php

@@ -612,7 +612,9 @@ public function __construct($templateList) {
 			if(Director::isDev() || Director::is_cli() || Permission::check('ADMIN')) {
 				self::flush_template_cache();
 			} else {
-				return Security::permissionFailure(null, 'Please log in as an administrator to flush the template cache.');
+				if(!Security::ignore_disallowed_actions()) {
+					return Security::permissionFailure(null, 'Please log in as an administrator to flush the template cache.');
+				}
 			}
 		}